Guidance for the WannaCrypt or WannaCry attacks

16 May

Media coverage has likely made you aware of the most recent “ransomware” cyber attacks. Identified as one of the “largest cyberattacks ever”, the WannaCry and WannaCrypt attacks make use of a vulnerability first uncovered by the National Security Agency and then stolen and released by hackers. This attack is a variation on the “ransomware” theme whereby computers and networks are infiltrated and the data and system files encrypted. Ransomware is not new, and neither is the specific vulnerability exploited by these attacks. However, the media attention focused on these events, along with the initial scale and scope of the attack, has been widespread.

Here are the recommendations for preventing problems associated with this specific attack in your network.

1) ESET
Check that your ESET anti-virus is updating and active. ESET’s official statement:
“As you may know, a massive ransomware attack known as “WannaCry” began on Friday, May 12.
ESET security products detect and block this malware.
Unlike other vendors, ESET’s proactive, multilayered solution not only blocks this ransomware, but can also stop it from spreading by blocking the utilized exploit (Eternal Blue).
ESET Internet Security, featuring Network Attack Protection, prevents the spread of malware that leverages exploits.”
The full text can be found here:
https://www.eset.com/ca/about/newsroom/corporate-blog/what-you-need-to-know-about-wannacry/?elq_mid=3063&intcmp=emc-wc-lps-051517&elqTrackId=65b8c8376dcc4a84b6fbc4b04a4031e8&elq=4827e479ac6d423a8a6fa717d0ab67b9&elqaid=3063&elqat=1&elqCampaignId=1384

2) MS Windows
Check that your Windows computers have the Microsoft MS17-010 patch (Published: March 14, 2017), specifically addressing the SMB vulnerability that worms like WannaCry utilize. If you are using an MS Supported O/S and are set up with automatic updates, installing all important patches, you’re probably fine.

O/S Specific information is:

Windows 10
Depending on the build version, the computer may or may not contain the faulty SMBv1 driver and may or may not need to be patched.

Creators Update (version 1703) is fine.

Anniversary Update (version 1607) – Check your build number. If you have Build 14393.953 or later, you’re fine. If you don’t, use Windows Update to install the latest build 14393.1198. SMBv1 is patched in 14393.953 and beyond.

Fall Update (version 1511) – Use the steps above to check your build number. You have to be at build 10586.839 or later.

RTM (“version 1507”) – Follow the same procedure to make sure you’re up to or beyond build 10240.17319. This product will EOL shortly.

Windows 8.1
To see if the patch is installed, click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see if you have ANY of these patches:
2017-05 Security Monthly Quality Rollup for Windows 8.1 (KB4019215)
April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 (KB4015553)
April, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4015550)
March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216)
March, 2017 Security Only Quality Update for Windows 8.1 (KB4012213)
If you have any of those patches, the computer is patched. If the computer contains none of those patches, download and install the March 2017 Security Only Quality Update for Windows 8.1 (KB4012213) for 32-bit or 64-bit.

Windows 8
These computers are not receiving updates and will not be patched against WannaCry, unless specific steps are taken. Download the appropriate patch from the Microsoft blog post at:

Windows 7
To check whether the patch is already installed, click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see if you have any of these patches:
2017-05 Security Monthly Quality Rollup for Windows 7 (KB4019264)
April, 2017 Preview of Monthly Quality Rollup for Windows 7 (KB4015552)
April, 2017 Security Monthly Quality Rollup for Windows 7 (KB4015549)
March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)
March, 2017 Security Only Quality Update for Windows 7 (KB4012212)
If you have any of those patches already installed, then the computer is patched and OK.
If you have none of the patches, download and install the March 2017 Security Only Quality Update for Windows 7 (KB4012212) for 32-bit or 64-bit.

Vista
To see if the patch is already installed, click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Look for one marked “Security Update for Windows Vista (KB4012598).” If you don’t have it, download it from the Microsoft Update Catalog, and install it.
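
The manual checks above for Windows 10, 8.1, 7 and Vista can also be scripted. The following PowerShell is an added example, not part of the original guidance or any vendor tool; the function name `Test-Ms17010Guidance` is hypothetical, and the KB numbers and build thresholds are the ones listed on this page.

```powershell
# Added example, not part of the original guidance. Windows PowerShell 2.0 or later.
# KB numbers and build thresholds are copied from the lists on this page; rollups
# released after this page was written are not in these lists.
$KbByOs = @{
    '6.3' = @('KB4019215','KB4015553','KB4015550','KB4012216','KB4012213')  # Windows 8.1
    '6.1' = @('KB4019264','KB4015552','KB4015549','KB4012215','KB4012212')  # Windows 7
    '6.0' = @('KB4012598')                                                  # Vista
}
# Windows 10: lowest patched revision for each build number named on this page.
$MinRevision = @{ 14393 = 953; 10586 = 839; 10240 = 17319 }

function Test-Ms17010Guidance {
    $ver = [version](Get-WmiObject Win32_OperatingSystem).Version

    if ($ver.Major -eq 10) {
        # UBR holds the revision after the dot, e.g. 953 in build 14393.953.
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $ubr = [int](Get-ItemProperty -Path $key).UBR
        $id  = "$($ver.Build).$ubr"
        if ($ver.Build -eq 15063) { return "OK: build $id is the Creators Update (1703)" }
        if (-not $MinRevision.ContainsKey($ver.Build)) {
            return "UNKNOWN: build $id is not covered by this page"
        }
        if ($ubr -ge $MinRevision[$ver.Build]) { return "OK: build $id is patched" }
        return "PATCH NEEDED: build $id is below $($ver.Build).$($MinRevision[$ver.Build])"
    }

    $osKey = "$($ver.Major).$($ver.Minor)"
    if (-not $KbByOs.ContainsKey($osKey)) {
        return "UNKNOWN: Windows $osKey has no KB list on this page (Windows 8 and XP need a manual download)"
    }
    # Any one of the listed KBs is enough, as the guidance states.
    $found = @(Get-HotFix -Id $KbByOs[$osKey] -ErrorAction SilentlyContinue)
    if ($found.Count -gt 0) {
        return "OK: found $(($found | ForEach-Object { $_.HotFixID }) -join ', ')"
    }
    return "PATCH NEEDED: none of $($KbByOs[$osKey] -join ', ') is installed"
}

Test-Ms17010Guidance
```

A "PATCH NEEDED" result on a machine that has been updated since May 2017 should be confirmed by hand, because a later rollup may have replaced the KBs listed here.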

XP
The Microsoft patch for XP and other older O/S options can be found here: